CVE-2019-25149

Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

CVSS 7.6 HIGHEPSS 0.6%CWE-285

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.6EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 jun 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Produtos afetados

galleryape · Gallery Images Ape

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve